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METHOD, ARRANGEMENT AND APPARATUS FOR AUTHENTICATION THROUGH A COMMUNICATIONS NET- 
WORK 

FTKT.D OF TT TC TTWKNTTON 

5 The present invention relates to a method for providing an 
authentication to an application. The invention relates 
further to an arrangement for providing an authentication 
to an application and further to an apparatus to be used 
in the authentication. 

10 

RArKnT?OTTND OF TNK TNVKNTTON 

Various electronic applications exist which involve a need 
for an authentication. Authentication may be required, 
15 for example, when a user is accessing a specific 

application and/or when a user already uses an application 
and there arises a need to verify the user or to receive 
such an acknowledgment from the user which allows the 
application to make some further proceedings. 

20 

Examples of applications which might require an 
authentication include various commercial services 
obtained through communications networks, such as 
Internet, Intranet or Local Area Networks (LAN) , payments 

25 and banking services accessed through communications 
networks, resource access, remote programming, 
reprogramming or updating of software etc. Even certain 
free of charge services obtained through a communications 
networks may require an authentication. The amount of 

30 services or applications which require at least some 
degree of authentication of the user who is trying to 
access them (or of the user who is already using them but 
where there is a need to check authorisation during the 
use of the service or a need to acknowledge something 

35 during the use) has increased greatly during the past 

years. The need for the authentication is also expected 
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to increase further in the future . 

At present there are already some well known solutions for 
communication authentication. These normally use various 

5 cryptographic techniques between two communicating 

computer devices. According to a basic scenario for the 
authentication, a random challenge is given to encryption 
functions of said two computer devices. Both of these 
computers have a secret, ie . an encryption key, which is 

10 also given to the encryption function in both of the 

computers. Thereafter, the results of the calculations of 
the two encryption functions are compared, and if the 
result of the comparison is positive, the authentication 
is considered as being in force. If the comparison gives 

15 a negative result, then the authentication test is 
considered as having failed. 

There are also various already existing authentication 
arrangements. The following examples of the prior art 
20 arrangements are given with a brief description of some of 
the drawbacks thereof : 

Passwords. At present, the use of a password or 
several passwords is the most often used approach for the 

25 authentication. The password is given to the remote 
application through an user interface, eg. through a 
computer terminal connected to a communications network. 
However, this solution does not take the vulnerability of 
the network into account, since the password is exposed to 

30 everyone who has access to the network (and who is skilled 
enough to read the passwords) . 

A secret. This may be described as an electronic 
password or a signature or an encryption key which is 
35 stored and used by for example the user interface. Even 
though the secret is not revealed to the network, it may 
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end up in the "wrong hands" and could be used by some 
party other than those who are originally intended to be 
the users of the secret. 

5 Authentication software in the user interface. This 

is a more sophisticated approach to authentication. The 
password is given to a program in the user interface, 
which then automatically authenticates cryptographically 
access to the requested application. Even though this 

10 provides a more secure arrangement than the above 

solution, it still leaves a possibility for catching the 
passwords from the user interface. It is also possible to 
modify the software without notice to the actual user. 

15 Smart cards with associated readers. A smart card is 

capable of communicating encrypted challenge-response 
messages, but it does not contain a user interface for 
receiving an authorization from the user itself. Such an 
interface may exist in the smart card readers, but such 

20 readers must be well protected against any possibilities 
for misuse, and thus the ordinary users (ie. the large 
majority of users, ie . the public) cannot usually have 
physical access to these reader interfaces, but they have 
to trust to the organization providing the smart cards. 

25 In addition, the smart card readers cannot be shared 
between organizations which do not have trust to each 
others . 

Smart cards with a user interface. These do already 
30 exist, but they are expensive since each security 

processor must have a secure user interface of it's own. 
These are rare and the input/output capability thereof is 
still extremely limited, and thus they are not held to be 
an economically suitable solution for the authentication 
35 problem. 
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A separate personal authentication device. In this 
approach the user is used as "a communication means" 
between the user interface and a separate authentication 
device. The user interface gives a challenge which the 
5 user then types in to a hand held authentication device 
(pocket-calculator like device) . The authentication 
device may, eg. give a number as a response, and the user 
then types this number in to the user interface. In this 
the problems relate to the need of purchasing, using and 
10 carrying a separate device. In some instances there is 

also a possibility of incorrect typing of the usually long 
and complex character strings. 

The above already mentions some parties which may be 
15 involved when implementing the present authentication 

systems. They are briefly explained in more detail in the 
following : 

The user is usually a human being who uses various 
20 applications or services. The user can be identified by 
means of a password (or secret) which is only known by 
him/her (a public key method) , or by means of a secret 
which is shared between the user and the application (a 
secret key method) . 

25 

The application is the party that wants to ensure the 
authenticity of the user. The application can also in 
some occasions be called as a service. From the 
application's point of view the authenticity question can 

30 be divided in four different categories (questions) : 1) is 
the user at the moment in the other end? (so called peer- 
entity-authentication) , 2) are the further messages 
received from the same user? (integrity of the message 
stream), 3) does a specific message originate from a 

35 certain user? (data origin authentication) , and 4) is the 
message such that even a third party may believe it to 
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originate from a certain user? (non-repudiation) . 

The user interface is the device or arrangement which 
enables the user to access the application or service. In 

5 most instances it can also be referred to as a terminal, 
and may consist of devices such as computers (eg. 
Personal Computer, PC), workstations, telephone terminals, 
mobile stations such as mobile telephones or radios or 
pagers, automatic money teller and/or banking machines, 

10 etc. The user interface provides input/output facilities 
and it may possibly even provide a part of the 
application . 

The Personal Authentication Device (PAD) is a piece 
15 of hardware that the user carries with him. The PAD may 
have some basic input/output functionality and even some 
processing facilities. The above referred smart cards and 
separate authentication devices may also be considered as 
PADs. In most cases the user can rely on his PAD, since 
20 the user has it (almost) always with him and thus under 

continuous control. All the possible passwords or secrets 
are hidden in the hardware thereof such that there is no 
easy manner to reveal them. The device itself is not easy 
to modify such that the communication path between the 
25 user and the security processor could be endangered. In 

addition, the PADs usually have a minimum amount of stored 
state and the programs thereof are not easily modifiable. 

STTMMAKV OF T NK TNVF.NTION 

30 

Even though the above described prior art solutions for 
authentication already exist, there are still some 
shortages, in addition to those already referred to above, 
in the area of authentication. 

35 

In case the access to the application is made absolutely 
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secure, or as secure as possible, the application easily 
becomes extremely complex from the architecture thereof, 
and becomes also complicated and more time consuming to 
access and use. The increased security level increases 
5 the amount of the required hardware and software, which 
leads to an increased need for maintenance and updating 
thereof, and thus the total costs of the authentication 
may become high. The complexity and costs could be 
decreased by lowering the level of security, but this is 

10 expected to lead to an insufficient security level in the 
communications. In addition, it is believed that an 
"absolutely secure" condition does not even exist in the 
communications networks, as the technical development 
makes it possible for hackers to solve even the most 

15 complicated security arrangements. 

A human problem lies on the fact that the passwords or 
secrets may become quite complicated and/or too long, or 
that there may be too many of them. Thus the users may 
20 find it hard to remember them. Typically a secret which 
is considered as secure in the secret key method is 128 
bits and in the public key method it is 1024 bits. For 
most people it is impossible to remember this kind of key. 

25 In addition, users are not able to perform the 

calculations required in the authentication without 
external devices. As was explained above, the basic 
authentication is often made by challenge and response 
method. This would require the user (ie. a human) to 

30 encrypt something with his secret. This is not held to be 
possible in practice. 

In addition to the possibility of catching the password or 
secret during it's transmission over an open 
35 communications network as was discussed above, today's 
solutions do not pay sufficient attention to the 
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vulnerability of the user interfaces either. The terminal 
devices have developed to be full of complex technology 
and software such that most of the users are no longer 
capable of fully controlling the terminals, or 
5 understanding the operation thereof. In addition, it 
often occurs that many users share the same terminal 
device (eg. is a commonly used PC) and/or that external 
maintenance personnel has access to the computers of a per 

se closed organization. 

10 

The computer terminals contain stored state and programs 
in the memory means thereof, which can be modified. In 
modern computers it is possible to modify the software 
thereof even such that the user does not notice this, and 

15 even through the communication paths without any physical 
access to the device itself. To give an example of the 
risks, it is possible to modify a program in a computer 
terminal such that it modifies the data the user sends for 
example to a bank such that the computer modifies all bank 

20 transfers on a certain day to another account than what 
was designated by the user. This modifying or 
reprogramming without notice may cause serious and huge 
damages when used against ordinary individual users, and 
especially when used against organizations such as 

25 companies or public administration. This all means that 
the ordinary terminal devices and communication paths 
cannot be trusted. 

Therefore it is an object of the present invention to 
30 overcome the disadvantages of the prior art solutions and 
to provide a new type of solution for authentication. 

An object is also to provide a method and an arrangement 
by means of which a user who wishes to access an 
35 application can be authenticated in a more secure manner 
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than has been possible in the prior art. An object is 
also to provide an authentication when a need for the 
authentication arises during the use of an already 
accessed application. 

5 

An object of the present invention is also to provide a 
method and arrangement by means of which a mobile station 
can be utilized in the authentication. 

10 An additional object of the present invention is to 

provide a solution in which an identification module of a 
mobile station can be utilized in the authentication. 

Other objects and advantages of the present invention will 
15 be brought out in the following part of the specification 
taken in conjunction with the accompanying drawings. 

The objects are obtained by a new method for providing an 
authentication to an application provided through a 

20 communications network. According to the present 

invention a connection between the application and a user 
interface through said communications network is 
established so as to enable an access of a user to the 
application provided through the communications network, 

25 while an authentication to said application is provided by 
means of a mobile station communicating through a mobile 
communications network . 

According to one further embodiment the authentication 
30 method comprises a step of establishing a connection 
between an application and a user interface through a 
communications network so as to enable an access of a user 
to the application provided through the communications 
network. The authentication to said application is 
35 provided by means of a mobile station such that a secret 
of a Subscription Identification Module (SIM) of the 



WO 99/44114 



PCT/EP99/00763 



-9- 

mobile station is utilized in encryption operations of the 
authentication . 

The invention provides further an arrangement for 
5 providing an authentication to an application provided by 
an application provider through a communications network. 
The arrangement comprises a user interface and a 
connection between the application and the user interface 
through said communications network so as to enable use of 
10 the application. The arrangement further comprises means 
for authenticating the use of the application, wherein 
said means for authenticating comprise a mobile station 
communicating through a mobile communications network and 
a link between the application implemented by the 
15 communications network and the mobile communications 
network . 

According to an alternative embodiment the invention 
provides a mobile station for providing an authentication 

20 to an application provided through a communications 

network. In this embodiment the application is accessed 
by means of a user interface connected to the 
communications network, while said mobile station is using 
a different communications network for the communications 

25 than the user interface. Said mobile station is used for 
authenticating the use of said application accessed by the 
user interface. 

Several advantages are obtained by means of the present 
30 invention, since the solution introduces a new reliable 
manner for authentication. The inventive authentication 
method and arrangement is easy to implement in already 
existing communications networks without any excessive 
alternations or additional devices. The arrangement can 
35 be used in connection with various different applications, 
in practice in connection with any such application 
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provided through a communications system which needs some 
kind of authentication. 

The user is freed from carrying a separate authentication 
5 device (PAD) or many different authentication devices. 
The user can also trust to the personal authentication 
device (PAD) according to the present invention, as the 
mobile station is usually always with him, and the users 
tend to take good care of their mobile stations. In 
10 addition, for instance in case of theft of a mobile 

station, the mobile subscription and/or the SIM thereof 
can be easily canceled by the operator. All secrets of a 
mobile station are well hidden in the hardware thereof 
such that it is not easy to reveal them. In addition, the 
15 mobile station device itself is not easily modifiable in 
such a way that the communication path between the user 
and the security processors could be endangered. 

The system includes a minimum amount of stored state and 
20 the programs are not easily modifiable. The existing SIM 
of a mobile station, and more precisely the secret 
thereof, can be utilized for the required encryption 
procedures. Thus the SIM can be utilized as a security 
card for new purposes, and there is already an existing 
25 party who will control the use of the SIM, ie . the mobile 
network operator who can immediately cancel a SIM if fraud 
is suspected. 

In the following the present invention and the other 
30 objects and advantages thereof will be described by 

examples with reference to the annexed drawings, in which 
similar reference numerals throughout the various Figures 
refer to similar features. It should be understood that 
the following description of the invention is not meant to 
35 restrict the invention to the specific forms presented in 
this connection but rather the present invention is meant 
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to cover all modifications, similarities and alternatives 
which are included in the spirit and scope of the appended 
claims . 

5 RRTFF DESPPTPTTO N OF TOK DPAWTNflfi 

Figure 1 shows a general view of one possible arrangement 
of communications networks in which it is possible to 
implement the present invention; 

10 

Figure 2 is a schematic presentation of an embodiment for 
authenticating a user according to the present invention; 

Figure 3 discloses schematically one possible mobile 
15 station and an embodiment of the present invention; 

Figures 4 and 5 disclose flow charts according to two 
embodiments of the present invention; 

20 Figure '6 discloses an alternative embodiment for the 

authentication in accordance with the present invention; 
and 

Figure 7 is a schematic presentation which relates to a 
25 further embodiment of the present invention. 

DFTATT.FP DF.flPRTPTTON OF THF, DRAWINGS 

Figure 1 is a schematic representation of one network 
30 arrangement which can be used when implementing the 

present invention. The arrangement of Figure 1 comprises 
a Public Switched Telephone Network (PSTN) which is 
schematically shown as a box designated by 20. The 
exemplifying PSTN is a fixed line telephone network (or 
35 Plain Old Telephone Service, POTS) , which forms a 

communications network through which a user interface 16 
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is enabled to access an application. According to this 
embodiment a user (not shown) may use the user terminal 16 
connected to the PSTN as a user interface to access to the 
desired service in one of the WWW servers 45 obtainable 
5 through an Internet connection. The disclosed terminal 16 
is a personal computer (PC), but other types of user 
interfaces, such as workstations, automatic public teller 
machines etc. may also be used. 

10 A Public Land Mobile Network (PLMN) is also disclosed. 

This may be, for example, a cellular telephone network or 
similar mobile communications system. Two mobile stations 
MS 1 and MS+PC 2 are also disclosed. The MS + PC 2 may be 
defined as an integrated mobile phone and a portable 

15 computer. Both of these are capable of communicating 

through an air interface 3 with the PLMN through one of 
several base stations (BS) 4 of the PLMN. 

One type of PLMN is a digital GSM network (GSM; Global 

20 System for Mobile Communications) , which is well specified 
in the GSM recommendations by ETSI (European 
Telecommunications Standard Institute) , the network 
architecture thereof being described in detail in 
recommendations GSM 01.02 or GSM 03.02 or the revised 

25 versions thereof. It is to be noted that while the 
invention is mainly described in the context of an 
exemplifying cellular telephone network using GSM 
terminology, those skilled in the art will appreciate that 
the present invention can be implemented in any mobile 

30 system. Furthermore, it is to be noted that for clarity 

reasons only those parts of a mobile network structure are 
shown which are considered as necessary for the purposes 
of illustrating the operation of the exemplifying system. 
The skilled person is well aware of the fact that the 

35 telephone networks may normally comprise also other 

necessary apparatus than those illustrated, that some the 
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disclosed elements of the PLMN or PSTN may be omitted or 
replaced by some other type of elements, and that a great 
number of mobile networks and ordinary fixed land line 
networks may cooperate and interchange with each other. 
5 The skilled man understands also that the connection to 
the Internet may also be a direct connection without any 
PSTN or similar network arrangement between the user 
terminal 16 and the Internet 43. These alternatives are, 
however, not shown and explained in more detail as they 
10 are known to skilled man in the art. 

The GSM based public land mobile network (PLMN) usually 
includes several mobile service switching centers (MSC) 
10. Each of these is, in turn, connected to a plurality 

15 of base station subsystems (BSS) 6 (only one MSC and BSS 
is shown for clarity) . The base station subsystem 6 
usually comprises a base station controller BSC and 
necessary interface apparatus, and is connected to a 
plurality of base stations (BS) 8, each of which 

20 supervises a certain geographical area, referred to as a 
cell (for the cells, see Figure 7) . 

The mobile services switching center 10 of Figure 1 is 
further connected or linked to the public switched 

25 telephone network (PSTN) 2 0 through an exchange 12 and 
lines 12 . The MSC 10 is also connected to a global 
communications network, which in the example is the 
Internet (designated by numeral 43) . The MSC may be 
connected to an integrated services digital network (ISDN) 

30 or any other type of appropriate communications network. 
The necessary links between different components of 
different telecommunication network systems are per se 

well known in the art. 

35 The PLMN network includes further a database, the so 

called home location register (HLR) 9, which is connected 
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to the MSC. Those mobile terminals 1 and 2 which are 
subscribers of the mobile telecommunications network are 
registered in the HLR 10. Each local mobile telephone 
switching center 10 includes further a local database 
5 called a visitor location register (VLR) 8, into which is 
registered all such mobile stations 1 and 2 which are 
located within the area of one of the cells handled by 
that local mobile telephone services switching center MSC 
at any given moment . 

10 

The mobile stations are identified by a SIM (Subscriber 
Identification Module) which is usually mounted within 
each of the mobile stations, or otherwise physically 
connected thereto. A SIM is a module which includes 

15 various user (subscription) related information and 

secrets. It may also include further information which 
relates to the encryption of the radio communications. 
The SIM may be assembled fixedly or removably to the 
mobile station. The utilization of the SIM as well as the 

20 HLR and/or VLR registers in this invention will be 

discussed in more detail later in this specification. 

As discussed, the user may be connected to the Internet 43 
via a fixed or a mobile network or via a direct 

25 connection. However, there may be some differences 

between the connections when for example GPRS (General 
Packet Radio System) is concerned, but the service from 
the Internet network is available for the users of both 
PSTN and PLMN systems. In the example, the Mobile 

30 Switching Center (MSC) 10 as well as the PSTN 20 are 

provided with an access to the multiprotocol Internet 43 
by access nodes (AN) 14 and 40. Even though only one AN 
per communications network is disclosed, it is to be 
understood that in practice the number of ANs may be 

35 essentially greater, and that the number of ANs is also 
increasing continuously. According to one solution a 
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special Internet Access Server IAS capable of converting 
the signal into data packets is used as an AN towards the 
Internet . 

5 The users of the Internet 43 have made a contract with a 
Internet Service Provider (ISP) 42, who provides the 
communications connection to the Internet from the user 
terminals 1, 2 or 16 . When the user desires to have an 
Internet connection, he calls to the Internet Service 

10 Provider (ISP) 42 so as to connect his terminal 16 to the 
desired address (so called Internet Protocol address) . 
The call connection is established by the PSTN 2 0 and 
passes through at least the local exchanges 18, and 
perhaps one or several transit exchanges which are 

15 connected or interconnected through trunk lines (not 

shown) . It is to be understood that even though Figure 1 
discloses only one ISP through which both networks 
communicate towards the Internet, communication could be 
arranged through different ISPs. 

20 

Figure 1 discloses further a WWW server 45 (World Wide Web 
server) which includes server databases x, y and z 
providing different services. It discloses also a 
connection from the ISP through the router 44 to said 
25 server 45 via the Internet 43. It is to be understood 

that the service can be any service obtainable through any 
communications network, such as a banking service, an 
electronic shopping service etc., in which authentication 
is required. 

30 

The mobile station 1 (or 2) is used as a personal 
authentication device (PAD) when the user accesses, or has 
already accessed, via the user interface 16 through the 
PSTN 20, a service x provided by the WWW server 45. The 
35 mobile station 1 communicates with the service x through a 
separate communications path or channel than is used by 
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trusted because the user usually keeps it always with him. 
The ergonomic and functional requirements for the mobile 
stations and for the conventional PADs are essentially the 
5 same, and the MS has a user interface that is suitable for 
the PAD. A modern MS has even a security processor 
interface that is suitable for authentication purposes. 

There are several alternatives to accomplish the 
10 authentication by means of the mobile station, and the 

examples thereof will be now discussed in the following in 
more detail. 

Reference is now made to Figures 2 and 4, of which Figure 

15 2 discloses schematically one arrangement for the 

authentication and Figure 4 a flow chart for the operation 
in accordance with one basic embodiment. The user 22 
sends a request by means of the user terminal 16 to access 
a desired application 45, such as a banking service, 

20 through a connection established by means of a 

communications network (arrow 21 in Fig. 2; steps 102 and 
104 in Fig. 4) . The application 45 may comprise a 
database 46, or is connected to a separate database, such 
as the HLR 9 of the MSC 10 of Fig. 1, from which the 

25 application is enabled to retrieve the necessary user 
information. On the basis of this information the 
application establishes a connection to the mobile station 
1 of the user 22 (arrow 26; step 106) for authentication 
purposes. At this stage the user may accept the 

30 connection 21 made by the user interface 16 by sending 
back a confirmation signal 2 9 (ie. an acknowledgment) 
using the mobile station 1 indicating that access is 
allowed and that the actual use of the service may begin 
(steps 108 and 112) . In case the authentication fails, 

35 eg. on the basis that the application cannot reach the MS 
1, all connections are closed (step 110) . Alternatively 
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the user may be allowed to retry the access, either 
immediately or after a certain time period, or the user 
may be instructed by the user interface 16 to take some 
additional measures due to the failed authentication. 

5 

One way to implement the authentication, or the 
acknowledgment feature, is to use short messages of a 
short message system (SMS) of the PLMN. In the GSM 
system, a SMS MSC (SMS Message Service Center) designated 

10 by 7 in Fig. 1 is provided for the delivery of short 

messages to and from the mobile stations. The service 
center 7 sends the messages to the mobile subscribers 
using the same network elements as were discussed above 
and defined by the referred specifications. The SMS 

15 message signaling usually contains, eg. the receiver 
identification, sender information, time stamp etc. 

Figure 3 discloses a solution in which the mobile station 
MS 1 has received a SMS message. The method steps for 

20 this are shown by the flow chart of Figure 5 . According 
to this embodiment the user has requested, after having 
accessed the banking service through the user interface 
16, that a sum of 200 FIM should be transferred from 
account No. 1234-4567 to an account No. 4321-7654 (step 

25 204) . The application retrieves the user related 

authentication data from an appropriate database (step 
206) , and sends accordingly a text message to the mobile 
station 1 (step 208) . The MS 1 displays the text as 
shown, and asks the user to confirm or to deny the 

30 transaction by pressing "Yes" or "No" keys, respectively 
(step 210) . The response is then transmitted back to the 
application, and in case of "Yes" the transaction proceeds 
(step 214) and in case of "No" some other measures are 
taken . 

35 

The arrows 2 7 and 28 of Figure 2 can also be seen as 



WO 99/44114 



PCT/EP99/00763 



illustrating the stage in which the MS 1 and the user 2 
communicate: information received by looking at the 
display 31 of the MS 1 is indicated by arrow 27, and the 
response given by the user to the MS 1 is indicated by 

5 arrow 28. As explained, the user may choose a proper 

selection by pressing either Y or N key 32 of the MS. In 
case the user accepts, ie . "signs'* the transaction, the 
banking service will then proceed accordingly. In case 
the user will not confirm the transaction, ie . presses the 

10 "No" key, the application may send a request to the user 
interface to feed in a correction, a cancellation, a new 
destination account etc. (steps 216, 218). 

In case the application does not receive any response 
15 within a certain time period, or the response is somehow 
incorrect, the application may either send a second 
request for the confirmation, or close down all the 
connections . 

20 The user may process several subsequent transactions and 
even some other banking services after having once 
accessed the application. When the user finally replies 
at step 216 to the user interface 16 that he does not want 
to continue, the connections are closed (step 220) . 

25 

According to one embodiment of the present invention the 
information contained in the HLR and even in the VLR of 
the PLMN of Figure 1 can be utilized when implementing the 
inventive authentication arrangement. This is enabled by 

30 the fact that each of the mobile subscriptions includes, 
in the HLR 9 of Figure 1, information relating to the SIM 
(Subscriber Identification Module) already referred to, an 
IMSI (International Mobile Subscriber Identity) and MSISDN 
(Mobile Subscriber ISDN number) as well as to the location 

35 information (VLR number) , basic telecommunications 

services subscriber information, service restrictions and 
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supplementary services etc. 

Therefore Figure 3 can be seen to disclose also a SIM 
(Subscriber Identification Module) card 34 inserted within 
5 the MS 1. The telephone company usually uses the SIM for 
controlling payments and location of the user. Thus the 
SIM card 34 has to be connected to the MS 1 before taking 
it into use, and making telephone calls. The MS 1 of 
Figure 3 includes further a MS PAD controller 35 (Mobile 

10 Station Personal Authentication Device controller) . From 
these the SIM 34 may be used in the invention as the means 
for identifying the user and/or including a secret or 
several secrets, and the MS PAD controller 3 5 is used for 
controlling the authentication operations. In addition to 

15 the general control of the authentication procedure, the 
controller 35 may, eg., be arranged to make all the 
calculations relating the various encryption operations. 
The arrangement in which the SIM 34, which is controlled 
by the MS PAD controller 35, can be utilized in the 

20 authentication procedure varies. Examples thereof are 
shortly explained in the following. 

Instead of the above referred arrangement utilizing SMS 
services, the transactions can also be acknowledged such 

25 that the application, such as the banking service or 
another commercial service paid by an electronic 
transaction, sends the details of the transaction to the 
MS PAD 3 5 as a data signal through the mobile network. 
The correctness of the signal can be ensured by means of a 

30 checksum calculated by the MS PAD 3 5 in accordance with a 
predefined algorithm and utilizing the secret of the SIM 
34 : the checksum has to match with the sum displayed by 
the user terminal 16. If the user accepts the 
transaction, he acknowledges it and gives a permission for 

35 the MS PAD 3 5 to "sign" the message signal 2 6 from the 

application by using user's secret (eg. when using public 
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key encryption and a non-repudiation is required) or using 
a secret shared with the application. Thereafter the 
application will proceed as requested by means of the user 
interface. According to one embodiment, the secret or 
5 secrets of the SIM 34 can also be used for the encryption 
of the messages and/or signaling between the application 
and the MS . 

Figure 6 discloses an alternative embodiment for Figure 2. 

10 In this embodiment the user interface 16 is in a form of 

an ordinary telephone terminal connected to the PSTN 2 0 in 
a per se known manner. The PSTN is further connected to 
intelligent network services (IN) 60 which forms the 
application in this embodiment. The mobile station 1 

15 includes a PAD controller 3 5 and a SIM 34 as described 
above in connection with Figure 3 . According to one 
embodiment MS PAD pairs, which contain a predefined pair 
of a service identifier for the given service and a 
personal secret, are stored within the PAD controller. 

20 These pairs may be used, eg., in the following manner. 

The user accesses a service in said IN by establishing a 
telephone call to the service (arrow 21) . The application 
challenges the user with a number given as a voice 

25 message, or by means of a possible display on said 

telephone terminal (arrow 61) . The user keys in this 
challenge together with a specific number for the service 
to the MS by the keypad (arrow 28) , whereafter the PAD 
controller accomplishes the necessary calculations 

30 according to predefined algorithm to receive a further 

number strings . In this calculation the secret stored to 
the SIM for that particular user may form a part of the 
algorithm. This secret may be either an application 
specific secret or a secret of the PLMN. The result of 

35 the calculation is then fed in to the user interface 16 

(arrow 62) , and transmitted to the IN service in question 
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through the PSTN 20. In case this matches to the expected 
value, the IN service 60 allows the user to initiate the 
use thereof by the fixed line terminal 16. 

5 The above mentioned embodiment can be used, eg. when 
paying telephone calls or services obtained through any 
ordinary POTS line telephone. For instance, this enables 
an arrangement in which calls by any telephone terminal 
are charged from the mobile telephone subscription (ie. 

10 from the holder of a particular SIM card) . The mobile 
subscribers may find this service useful, eg., in 
instances where the calls made by the mobile telephone are 
more expensive than calls by an ordinary POTS telephone, 
or when the MS 1 is not within an area of any such mobile 

15 network into which the user could have a proper radio 
connection . 

According to one additional embodiment (not shown) the 
mobile station 1 and the user interface 16 are capable of 

20 directly communicating with each other through suitable 
operational connection, such as a radio connection, an 
infrared connection or a fixed conduit connection with 
necessary couplings. This reduces the risk for mistyping 
errors which the user might do when acting as a "link" 

25 between the MS 1 and the user interface 16 . 

According to one alternative a mobile station is arranged 
to receive more than one SIM card 34. By means of this, 
one single mobile station could be used for different 

30 authentication purposes. For example, a user could have 

three different SIMs : one for the authentications required 
by his work, one for the personal needs, and one for a 
still further need, eg. for a "chairman of an 
association" . Each of the SIMs may have a telephone 

35 number, alarm tone etc. of their own. 
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According to a further alternative the MS 1 communicates 
through a PLMN with the application, and the messages 
and/or signaling required in this communication is 
encrypted using the secret or secrets of the SIM. This 
5 enables a secure communications using only one 

communications network, ie . the PLMN, as the secret of the 
SIM is unique, and it is not possible for third parties to 
obtain information contained in the signaling or to break 
into the signaling. 

10 

A further embodiment of the present invention is now 
explained with reference to Figures 1 and 7. Figure 7 
discloses a schematic cell map of an arbitrary geographic 
area, which is divided into a plurality of contiguous 

15 radio coverage areas or cells. While the system of Figure 
7 is illustrated so as to include only ten cells (CI to 
CIO) , the number of cells may in practice be larger. A 
base station is associated with and located within each of 
the cells, these base stations being designated as BS1 to 

20 BS10, respectively. The base stations are connected to 
the base station subsystems (BSS 6 of Figure 1) . A cell 
may also cover one or several base stations. The cells 
are grouped into four groups A to D, wherein each group 
may include one or more cells, as is marked by 

25 corresponding markings . 

Each group is seen by the system as one unit, ie . one 
area, such that four different cell categories A to B are 
provided. The purpose of this is to illustrate that the 

30 cells may be divided into different authentication 

categories, or classes. The idea behind this is that the 
authentication data within the authentication database may 
include restrictions which do not allow the user to access 
the application in case he is not situated within a 

35 certain predefined cell area. For example, if a company 
uses a MS of an employee for authentication, it is 
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possible to limit the area such that the authentication 
possibility can be restricted to be allowed only in those 
cells (eg. within the area A) which are near to the 
office of the company. 

5 

The above can be easily implemented by means of the 
visitor location register VLR, designated by 8 in Fig. 1. 
The mobile station (MS) 1 or 2 roaming in the area of the 
MSC is controlled by the VLR 8 which is responsible for 

10 this area. When the MS 1 or 2 appears in the location 

area, the VLR initiates an updating procedure. The VLR 8 
has also a database which includes, eg., the IMS I, MSISDN 
and location area in which the MS is registered according 
to, eg., GSM 09.02 specification. So-called cell global 

15 identification includes further a cell identity, and is 

included in the messages between the MS 1 and the MSC 10. 
This information may be used as an identification 
indicator to find the mobile station MS 1 location, which 
is then utilized in this embodiment. 

20 

It is noted herein that the mobile station can be any kind 
of apparatus providing a possibility for mobile 
communications for a user other than the mobile telephone 
1 or the integrated unit of mobile telephone and a 

25 computer 2 . The latter arrangement is sometimes also 
referred to as a "communicator". One example of other 
suitable mobile station is a pager, ie . the "beeper" 
capable of displaying a character string. What is 
important is that the mobile station is capable of 

30 receiving and/or transmitting desired information, which 

in some instances may even be in the form of text or voice 
messages only instead of a specific authentication signal 
or code . 

35 In addition, in the above examples the application 45 is 

arranged to provide linking between the two communications 
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networks such that they both can be used for the 
connection of the user to the application. However, this 
may well be accomplished by some other party. For 
instance, the ISP or similar service provider or the 
5 telecommunications network operator may operate as an 
authenticating organization and/or provide the linking 
between the two communications networks, and provide a 
secure connection to the actual application. 

10 Thus, the invention provides an apparatus and a method by 
which a significant improvement can be achieved in the 
area of authentication. The arrangement according to the 
present invention is easy and economical to realize by per 

se known components and is reliable in use. It should be 
15 noted that the foregoing examples of the embodiments of 
the invention are not intended to restrict the scope of 
the invention defined in the appended claims. All 
additional embodiments, modifications and applications 
obvious to those skilled in the art are thus included 
20 within the spirit and scope of the invention as set forth 
by the claims appended hereto. 
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Claims 

1. A method for authenticating a user to an application, 
5 the application being available to the user through a 

first communications network, the method comprising: 

establishing a connection between the application and 
a user interface through said first communications network 
so as to enable a user to access the application; and 
10 authenticating the user to said application by means 

of a mobile station communicating with the application 
through a second communications network. 

2. A method according to claim 1, wherein the step of 
15 authenticating comprises using the mobile station to 

verify the identity of the user as the user accesses the 
application by the user interface. 

3. A method according to claim 1, wherein the step of 
20 authenticating comprises using the mobile station for 

acknowledging a transaction or proceeding which the user 
has previously requested from the application through the 
user interface. 

25 4. A method according to any one of the preceding claims, 
wherein the mobile station is a cellular telephone and 
said second communications network comprises a digital 
cellular network. 

30 5. A method according to any one of the preceding claims 
and comprising utilizing a secret of a Subscription 
Identification Module (SIM) of the mobile station for 
encryption of signalling associated with the 
authentication step . 

35 

6. A method according to any one of the preceding claims, 
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wherein a Subscription Identification Module (SIM) of the 
mobile station is used for providing the identity of the 
user . 

5 7. A method according to claim 6 and comprising the step 
of charging the costs of the connection from the user 
interface to the application to the holder of the 
subscription identified by the SIM. 

10 8. A method according to any one of the preceding claims, 
wherein at least part of the signaling between the 
application and the mobile station is in the form of short 
message system text messages. 

15 9. A method according to any one of the preceding claims 
and comprising the step of using area location information 
of the mobile station as one parameter of the 
authentication procedure. 

10. A method of providing an authentication to an 
application available to a user through a communications 
network, the method comprising: 

establishing a connection between the application and 
a user interface through said communications network so as 
to enable access of a user to the application; and 

providing an authentication to said application by 
means of a mobile station such that a secret of a 
Subscription Identification Module (SIM) of the mobile 
station is utilized in encryption operations of the 
authentication . 

11. An arrangement for providing an authentication to an 
application provided by an application provider through a 
communications network, comprising : 

35 a user interface; 

a connection between the application and the user 
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interface through said communications network so as to 
enable use of the application; and 

means for authenticating the use of the application, 
wherein said means for authenticating comprises a mobile 
5 station communicating through a mobile communications 

network, and a link between the application implemented by 
means of the communications network and the mobile 
communications network . 

10 12. An arrangement according to claim 11, wherein the 
mobile station is a cellular telephone and the mobile 
communications network is a digital cellular network. 

13. An arrangement according to claim 11 or 12, wherein 
15 authentication signaling to and from the mobile station 

are in the form of text messages provided by a short 
message system (SMS) of the mobile communications network. 

14 . An arrangement according to any one of claims 11 to 

20 13, wherein the mobile station comprises a mobile station 
personal authentication device (MS PAD) arranged to 
control the authentication procedure, and a subscription 
identification module (SIM) including a secret and being 
operationally connected to the MS PAD, wherein the secret 

25 of the SIM is arranged to be utilized in the 
authentication procedure. 

15. An arrangement according to any one of claims 11 to 
14, characterised in that the application is a banking 

30 service, an electronic shopping service, or some other 
commercial service requiring an acknowledgment for an 
electronic transaction . 

16. A mobile station for providing an authentication to an 
35 application provided through a communications network, 

wherein : 
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the application is accessed by means of a user 
interface connected to the communications network; and 

said mobile station uses a different communications 
network for the communications than the user interface, 
5 and the mobile station is used for authenticating the use 
of said application accessed by the user interface. 

17. A mobile station according to claim 16 and comprising 
an integrated mobile station personal authentication 

10 device (MS PAD) arranged to control the authentication 
procedure . 

18. A mobile station according to claim 16 or 17, wherein 
the station is a digital mobile telephone and comprises a 

15 subscription identification module (SIM) including a 

secret, wherein the secret of the SIM is arranged to be 
utilized in the authentication procedure. 

19. A mobile station according to claim 18 and comprising 
20 at least one additional SIM. 

20. A mobile station according to claim 16 or 19 and 
comprising means for directly interfacing with the user 
interface, such as by an infrared or radio transceiver 

25 capable of communicating with the user interface. 



WO 99/44114 



PCT/EP99/00763 




WO 99/44114 



PCT/EP99/00763 



2/6 



21 



Appli- 
cation 




23 24 22 

i=22. 



z 



I 



46 45 26 29 1 



Al 



Fig. 2 



Fig. 3 



USER 




27 28 




WO 99/44114 



PCT/EP99/00763 



3/6 



Start 

I 

Establish a connection between 
an application and a user interface 
through a communications network 



102 



Access the application 




104 



i 



Authenticate the user by means of a MS 
by establishing a communication 
connection through a separate 
communications network 




106 



_ 108 



Close 

connections 



110 



Proceed as required by the application 
procedures 



I 




112 



Close connections 



T 

End 



114 



Fig. 4 



WO 99/44114 



PCT/EP99/00763 



4/6 



210 
212 



Start 

* 

Establish a connection between 
banking services and user interface 



Request for a transaction from one 
account to another 



± 



Retrieve related user authentication 
data from database 



I 



Send a text message to the MS of the 
user of the banking services in 
accordance with the user data 



T 



Display the message, ask for 
an acknowledgement 



Proceed the transaction 



202 



-204 



-206 
208 




"Please 
re-enter" 



Close connections 



J 



End 



Fig. 5 



WO 99/44114 PCT/EP99/00763 

5/6 



IN 

Services 




Fig. 6 



WO 99/44114 



PCT/EP99/00763 




SUBSTITUTE SHEET (RULE 26) 



INTERNATIONAL SEARCH REPORT 



Inter >nal Application No 

PCT/EP 99/00763 



A. CLASSIFICATION OF SUBJECT MATTER 

IPC 6 G06F1/00 H04L29/06 G07F7/08 



According to International Patent Classification (IPC) or to both national classification and IPC 



B. FIELDS SEARCHED 



Minimum documentation searched (classification system followed by classification symbols) 

IPC 6 H04Q G06F H04L G07F 



Documentation searched other than minimum documentation to the extent that such documents are included in the fields searched 



Electronic data base consulted during the international search (name of data base and. where practical, search terms used) 



C. DOCUMENTS CONSIDERED TO BE RELEVANT 



Category ° Citation of document, with indication, where appropriate, of the relevant passages 



Relevant to claim No. 



US 5 668 876 A (FALK JOHAN PER ET AL) 
16 September 1997 

see column 3, line 21 - column 6, line 55 

WO 95 19593 A (KEW MICHAEL JEREMY; LOVE 
JAMES SIMON (GB)) 20 July 1995 

see page 7, line 10 - page 10, line 2 
see page 13, line 29 - page 14, line 6 

WO 96 13814 A (VAZVAN BEHRUZ) 9 May 1996 
see page 3, line 7 - page 7, line 31 



FR 2 740 291 A (SAGEM) 25 April 1997 
see page 7, line 1 - line 32 



I, 2,4, 

II, 12, 
15,16,20 
10 

I, 2,10, 

II, 16, 
18,20 
5,6,8,13 



10 

I- 6,8, 

II- 18 

5,6,14, 
15,19 



□ 



Further documents are listed in the continuation of box C. 



Patent family members are listed in annex. 



° Special categories of cited documents : 

"A" document defining the general state of the art which is not 
considered to be of particular relevance 

"E" earlier document but published on or after the international 
filing date 

"L" document which may throw doubts on priority claim(s) or 
which is cited to establish the publication date of another 
citation or other special reason (as specified) 

"O" document referring to an oral disclosure, use, exhibition or 
other means 

"P" document published prior to the international filing date but 
later than the priority date claimed 



"T" later document published after the international filing date 
or priority date and not in conflict with the application but 
cited to understand the principle or theory underlying the 
invention 

"X" document of particular relevance; the claimed invention 
cannot be considered novel or cannot be considered to 
involve an inventive step when the document is taken alone 

"Y" document of particular relevance; the claimed invention 

cannot be considered to involve an inventive step when the 
document is combined with one or more other such docu- 
ments, such combination being obvious to a person skilled 
in the art. 

"&" document member of the same patent family 



Date of the actual completion of the international search 



15 June 1999 



Date of mailing of the international search report 



22/06/1999 



Name and mailing address of the ISA 

European Patent Office, P.B. 5818 Patentlaan 2 
NL - 2280 HV Rijswijk 
Tel. (+31-70) 340-2040, Tx. 31 651 epo nl, 
Fax: (+31-70) 340-3016 



Authorized officer 



Behringer, L.V. 



Form PCT/1SA/210 (seoond sheet) (July 1992) 



INTERNATIONAL SEARCH REPORT 

. .ormation on patent family members 



Interr lal Application No 

PCT/EP 99/00763 



Patent document 




Publication 




Patent family 




Publication 


cited in search report 




date 




member(s) 




date 


lie 

Uo DOOoo/O 


A 
n 


1 fv-nQ-1 QQ7 


AU 


69P881 

\J 7 COO X 


R 


18—06—1 998 

J. vj \J\J 








AU 


2688795 


A 


19-01-1996 








CA 


2193819 


A 


04-01-1996 








FP 
l. r 


076690? 


A 

r\ 


QQ_04-1QQ7 








FT 




A 


i 3-0P-19Q7 

lO Ul 17j/ 








jp 


10502195 


T 


24-02-1998 








wo 


9600485 


A 


04-01-1996 


WO 9519593 


A 


20-07-1995 


AU 


1390395 


A 


01-08-1995 








GB 


2300288 


A 


30-10-1996 1 



W0 9613814 A 09-05-1996 FI 945075 A 29-04-1996 

EP 0739526 A 30-10-1996 

FI 962553 A 25-11-1997 

FI 962961 A 28-08-1996 

FI 971009 A 26-04-1997 

FI 971248 A 26-04-1997 

FI 971848 A 30-04-1997 



FR 2740291 A 25-04-1997 NONE 



Form PCT/ISA/210 (patent family annex) (July 1992) 



